I used the code at https://github.com/oktadeveloper/okta-spring-boot-saml-example to understand how to use Okta for SSO. We are using SAML. My question is how to detect if the session is still valid and, if not, redirect the user to the Okta login page.

I tried using HttpSession but I did not know how to link it to Okta.

If someone can give me a few pointers as to where to start, I would appreciate it.

Thanks

1 Answer

The short and best answer is no.

You can use JavaScript in the browser to see if the User still has a live session with Okta using this:

https://developer.okta.com/docs/reference/api/sessions/#get-current-session

There is a way using the Sessions API to authenticate a User, and then check to make sure the session is still valid, but managing the state creates more headaches than it's worth. I would not suggest doing this.

If you are using OAuth 2.0, then it's easier: you can just redirect the User to Okta and perform a re-authorize more easily, plus OAuth 2.0 tells you when the token was minted.

user284503
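
The browser-side check this answer mentions, as an added example that is not part of the original answer or of Okta's sample code: it calls the current-session endpoint from the linked Sessions API reference and decides whether to send the user back through login. The org URL, the `/login` path and the function names are hypothetical; the `/api/v1/sessions/me` path, the 404-for-no-session response and the `status`/`expiresAt` fields are assumptions taken from that reference and should be verified against it.

```javascript
// Added example: browser-side check of the Okta session. This is a UX hint only;
// the application's own server-side session must still be enforced by the app.
// Assumed from the linked Sessions API reference: GET /api/v1/sessions/me
// returns 200 with a session object, or 404 when there is no session.

// Pure decision function: maps an HTTP status and response body to a state.
function classifySession(httpStatus, body, nowMs) {
  if (httpStatus === 404) return 'none';              // no Okta session
  if (httpStatus !== 200 || !body) return 'unknown';  // CORS, network or server problem
  if (body.status !== 'ACTIVE') return 'incomplete';  // e.g. MFA still pending
  const expires = Date.parse(body.expiresAt);
  if (Number.isNaN(expires)) return 'unknown';
  return expires > nowMs ? 'active' : 'expired';
}

// Calls Okta from the browser. The page's origin must be a Trusted Origin (CORS)
// in the Okta org, and the session cookie is only sent with credentials: 'include'.
async function getOktaSessionState(oktaOrigin, fetchImpl = globalThis.fetch) {
  try {
    const res = await fetchImpl(`${oktaOrigin}/api/v1/sessions/me`, {
      method: 'GET',
      credentials: 'include',
      headers: { Accept: 'application/json' },
    });
    const body = res.status === 200 ? await res.json() : null;
    return classifySession(res.status, body, Date.now());
  } catch (err) {
    return 'unknown'; // never report 'active' when the check itself failed
  }
}

// Re-authenticate only when Okta positively reports no usable session;
// 'unknown' is left to the server-side session check.
function shouldRedirectToLogin(state) {
  return state === 'none' || state === 'expired' || state === 'incomplete';
}

// Usage in a page (org URL and login path are hypothetical placeholders):
// getOktaSessionState('https://example.okta.com').then((state) => {
//   if (shouldRedirectToLogin(state)) window.location.assign('/login');
// });
```
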